PRESS ENTER

post

Earlier this year, CipherCloud and the Cloud Security Alliance (CSA) announced that they had launched a new working group to develop a Cloud Security Open API. Their remit was to develop a guide for cloud service providers and enterprises on the interoperability and operation of cloud security, focusing on the protection of PII and sensitive data across multiple clouds. What made this API initiative different was that it was to cover a range of cloud services, bridging the gap between proprietary cloud environments, unlike other APIs which just allowed access to a specific core code base.

So Why a Cloud Security Open API?

Cloud deployments within the enterprise are becoming widespread which leads to more complex ecosystems, and leads to businesses finding it harder and harder to control the cloud ecosystem as it connects with different places – confidential information, personal data, company IPs, etc. So, to control this type of environment, full transparency of the entire ecosystem, including partner applications that are held in outside of the clouds you deal with, and gate-keeping processes at integration points, needs to be in place; a mammoth task for many organisations.

Incorporate a Cloud Security Open API and you deliver a layer of abstraction that can be accessed not only by the cloud users, but also third party providers and allow the integration of the cloud’s core functions. The layer across different clouds means that end-user organisations are able to leverage standard integrations quickly and easily, reducing the possibility of one-off custom developments that can be costly. This, in turn, speeds up cloud adoption and enhances innovative technological advances.

Develop cross-cloud innovations – Cloud Security Open APIs will allow developers to establish cross-cloud functions with the need to custom integrate each individual cloud the organisation works with. This could lead to new innovations in unexplored areas for cloud users and providers.

Create new functionality for cloud services – cloud services providers that utilise Cloud Security Open APIs will mean that a greater group of developers will be able to leverage the provider’s core code data to deliver functionality aligned to their own, potentially leading to better, enhanced user experiences as well as advances in technology.

Cloud Security Open APIs Progress

The Working Group developed a roadmap:

1. Define a set of concrete security use cases covered by the Open APIs.

2. Produce the Cloud Security Open API framework.

3. Generate a reference architecture that implements the API framework.

4. Produce industry guidance and white papers.

This week, 12th October, saw the release of the draft of the Open API Working Group Charter by the Cloud Security Alliance asking for comments and suggestions to be reviewed by the editing committee. Have your say on Open APIs for cloud security and make this part of our future.